APPELLANT'S BRIEF



Commissioner for Patents 

P.O. Box 1450, 

Alexandria, Virginia 22313-1450 
Sir: 

This is the Applicants' appeal from the final Office Action, mailed October 4, 
2007 (Paper No. 20070927). A two-month extension of time is requested for this 
response. 

This is also responsive to the Notification of Non-Compliant Appeal Brief mailed 
July 16, 2008 (Paper No. 20080715). 

Real Party in Interest 

Arbor Networks, Inc. is the real party in interest. 

Related Appeals and Interferences 

There are no related appeals or interferences. 

Status of Claims

Claims 1-32, 34 and 35 are pending in this application. Claim 33 was cancelled.
Claims 1-32, 34 and 35 are rejected. The rejection of claims 1-32, 34 and 35 is being
hereby appealed.

Status of Amendments 

All amendments have been entered. There were no post final amendments or 
proposed amendments. 

Summary of Claimed Subject Matter 

Please note that in the following discussion, reference is made to the instant
application as published: US Pat. Publ. No. US 2005/0005017A1.

Claim 1 concerns a system for controlling communications over a computer
network. See US 2005/0005017A1 at Fig. 1 and paragraph [0034]. The system
comprises:

access control devices for the computer network that control communications
between compartments of the computer network, see US 2005/0005017A1
at Fig. 1, reference number 114 and paragraph [0035];

attack detection system for determining whether the computer network may be 
under attack, see US 2005/0005017A1 at Fig. 1, reference number 112 
and paragraph [0035]; and 

a control plane for instructing the access control devices to allow network 
communications between the compartments of the computer network 
based on a usage model describing legitimate network communications 
while restricting other network communications between the 
compartments, in response to attack, see US 2005/0005017A1 at Fig. 1,
reference CP and paragraph [0036].

Claim 21 concerns a method for responding to an attack on a computer network.
See generally US 2005/0005017A1 at Fig. 5. The method comprises:

generating a usage model for the computer network, see US 2005/0005017A1
at Fig. 3 reference 320 and paragraph [0067];

determining whether the computer network may be under attack, see US
2005/0005017A1 at Fig. 4A and 4B and paragraph [0072];

in response to detecting attack, determining characteristics of the attack, see 
US 2005/0005017A1 at Fig. 4A reference 418 and paragraph [0080]; and 

generating instructions to access control devices compartmentalizing the
computer network in response to the characteristics of the attack, wherein
the step of generating instructions to the access control devices comprises
formulating pass and/or blocking rules for the access control devices in
response to protocol characteristics and/or port characteristic of the attack,
see US 2005/0005017A1 at Fig. 5 reference 524 and paragraphs [0105]
and [114]-[117];

issuing the instructions to the access control device which then
compartmentalize the computer network by implementing the pass and/or
blocking rules, see US 2005/0005017A1 at Fig. 5 reference 530 and
paragraphs [125]-[131].

Claim 35 concerns a system for controlling communications over a computer 
network. See US 2005/0005017A1 at Fig. 1 and paragraph [0034]. The system
comprises:

access control devices for the computer network that control communications
between compartments of the computer network, see US 2005/0005017A1
at Fig. 1, reference number 114 and paragraph [0035];

attack detection system for determining whether the computer network may be
under attack, see US 2005/0005017A1 at Fig. 1, reference number 112
and paragraph [0035]; and 

a control plane for instructing the access control devices to only allow network 
communications between the host computers in different compartments of 
the computer network based on a usage model describing legitimate 
network communications while restricting all other network 
communications between the host computers, in response to attack, see
US 2005/0005017A1 at Fig. 1, reference CP and paragraph [0036].

Grounds of Rejection to be Reviewed on Appeal 

I. Whether claims 1-20 are unpatentable under 35 U.S.C. 101 over claims 1-20 of
copending Application No. 10/887,213.

II. Whether claims 1-10, 12-14, and 18 are unpatentable under 35 U.S.C. 103(a) over
Copeland (US PgPub 2002/0144156).

III. Whether claims 11, 16-17, 19-31 and 34 are unpatentable under 35 U.S.C. 103(a)
over Copeland (US PgPub 2002/0144156) and further in view of Yadav (US PgPub
2003/0149888).

IV. Whether claim 15 is unpatentable under 35 U.S.C. 103(a) over Copeland (US
PgPub 2002/0144156) and further in view of Day (US Patent 7,017,186).

Argument 

Claims 1-20 are patentable over claims 1-20 of copending Application No. 10/887,213
(Grounds of Rejection: I)

A "same invention" rejection under 35 U.S.C. 101 requires that both 
applications/patents claim the same invention. MPEP at page 800-19, Rev. 5, Aug. 2006, 
provides a test: 

A reliable test for double patenting under 35 U.S.C.
101 is whether a claim in the application could be literally
infringed without literally infringing a corresponding
claim in the patent. In re Vogel, 422 F.2d
438, 164 USPQ 619 (CCPA 1970). Is there an embodiment
of the invention that falls within the scope of
one claim, but not the other? If there is such an

The present claims describe a different invention from those in the 10/887,213
application. For example, extracting or monitoring authentication events is mentioned in 
all of the pending claims of the 10/887,213 application. In contrast, authentication is not 
mentioned in any of the claims of the pending application. Thus, there is an embodiment, 
i.e., a system or method that does not provide for authentication event 
extraction/monitoring, that is within the scope of the claims of the present application but 
outside the scope of the claims of the 10/887,213 application. 

Thus, the present application does not claim the "same invention" as the 
10/887,213 application. 

Claims 1-10, 12-14, and 18 are patentable over Copeland (Grounds of Rejection: II) and
Claims 11, 16-17, 19-31 and 34 are patentable over Copeland in view of Yadav (Grounds
of Rejection: III)

Embodiments of the present invention are directed to protecting a
communications network, such as a computer network, from attack, such as from
self-propagating code or other breaches to security policies. The network is divided into
"compartments" that are separated by access control devices, such as firewalls. The
access control devices are then used to stop security breaches such as the spread of
self-propagating attack code, the "zero-day" worms, for example. However, the access
control devices are configured such that upon activation, legitimate network services will
not be jeopardized.

The invention capitalizes on the insight that much of the problem with zero-day
worms and other attacks originates from network resources that are not in normal use. By
blocking traffic that is atypical for a particular network (for instance: database
connections between two desktop systems that never normally speak a database protocol)
the system is able to generate blocking actions that stifle the majority of attacks. On the
other hand, the system is much less likely to disrupt business processes, since access
control devices will still permit network communications that exhibit behavior that is
characteristic of normal communication patterns on the network, i.e., behavior
characterized by pass rules that are also deployed to the access control devices.

The system described in Copeland has some similarities to the system of the
instant application. Copeland describes, for example, port profiling and trying to assess
when computers are under attack. Copeland further teaches to drop certain packets from
certain host computers. However, what the system of Copeland lacks is something akin
to the claimed: 1) multiple access control devices; and 2) a control plane, which instructs
the access control devices to allow network communications between the compartments
of the computer network based on a usage model describing legitimate network
communications.

-Independent claims 1, 21, and 35

The Examiner bears the initial burden of establishing a prima facie case. In re
Oetiker, 977 F.2d 1443, 1445 (Fed. Cir. 1992). To establish a prima facie case of
obviousness, all the claim features must be taught by the prior art. In re Royka, 490 F.2d
981, 985 (CCPA 1974). If examination at the initial stage does not produce a prima facie
case of unpatentability, then without more the applicant is entitled to a grant of the patent.
Oetiker, 977 F.2d at 1445.

Here, the independent claims contain two features that are not shown or suggested 
by the applied references, thus necessitating withdrawal of the rejections. 

First, each of the independent claims requires access control devices that control 
communications between compartments of the computer network, claim 1; control 
devices compartmentalizing the computer network in response to the characteristics of 
the attack, claim 21, and access control devices to only allow network communications 
between the host computers in different compartments of the computer network, claim 
35. 

The pending Office Action concedes that this feature is not taught by the applied 
reference. For example at page 4, last paragraph, the pending Office Action provides: 

The examiner notes that Copeland doesn't explicitly disclose multiple
access control devices that control communications between compartments of
the network, however, as shown in fig. 2 the network described simple terms.

Nevertheless, the pending Office Action argues that the feature of using access 
control device to compartmentalize the network would have been obvious. The basis for 
this assertion is set forth on page 5 of the pending Office Action: 

It would have been obvious for one of ordinary skill in the art to view the inside
network as containing more than 2 computers and necessarily more than one
[illegible] have been obvious [illegible]
the network and each would maintain a separate port profiling engine as
necessarily implied.

Network compartmentalization, as claimed, would not have been obvious from
the applied references since such a configuration is: 1) contrary to the set up shown in
the applied references; and 2) contrary to the typical way in which such devices are
deployed. In more detail, access control devices, or firewalls, are typically deployed at
network edges not for the claimed compartmentalization. Copeland's Fig. 1 shows its
port profiling engine deployed in the typical fashion at a network edge between the server
130 and the internet 199. This typical mode of deployment is consistent with the
description in the present application. For example, paragraph [0003] provides:

[illegible] are deployed at the edges of [illegible]
networks to insulate the networks from unauthorized access
from third party or public networks, such as the Internet.

In short, there is nothing to support the assertion that the use of multiple access 
control devices to compartmentalize the network would have been obvious. Moreover, 
this theme of compartmentalization has been consistently described as an important 
feature of the present invention as expressed in paragraph [0012] of US
2005/0005017A1:

[Quoted paragraph [0012] is illegible in the source scan.]

Thus, for this reason the present claimed invention is distinguishable from the
applied references.

The present claimed invention is also distinguishable for having a usage model 
defining communications that are allowed by the access control device while restricting 
other communications during an attack. Specifically claim 1 requires: "a control plane 
for instructing the access control devices to allow network communications between the 
compartments of the computer network based on a usage model describing legitimate 
network communications while restricting other network communications between the 
compartments, in response to attack"; and claim 35 requires "a control plane for 
instructing the access control devices to only allow network communications between the 
host computers in different compartments of the computer network based on a usage 
model describing legitimate network communications while restricting all other network 
communications between the host computers". 

In short, the present claimed invention responds to an attack by causing access
control devices, such as firewalls, to allow communications during an attack, not simply
block certain communications. This distinguishes the invention from the applied
references.

In more detail, Copeland describes a system that seems to issue "alarms." For
example cited paragraph [0066] from Copeland provides:

[0066] Once the port profile is accurate, the port profiling
engine 155 compares the two lists to detect operations that
are "Out of Profile" and provide an alarm to the system
operator. An Out of Profile operation can indicate the
operation of a Trojan Horse program on the host, or the
existence of a non-approved network application that has
been installed.

Similarly cited paragraph [0166] from the Copeland application only provides that 
packets from a compromised host are dropped: 

[0166] The alert manager 6[illegible] looks for hosts whose
network usage indicates Out of Profile network services. The
new alarm conditions can cause immediate operator notification
by an operator notification process 642. These conditions
can be highlighted on the user interface, and cause
SNMP trap messages to be sent to a network monitor such
as HP Openview, and/or email messages to the network
administrator which in turn may cause messages to be sent
to beepers or cell phones. Messages can also be sent to cause
automated devices such as a firewall manager 644 to drop
packets going to or from an offending host. It will thus be
appreciated that the present invention advantageously operates
in conjunction with firewalls and other network security
devices and processes to provide additional protection for an
entity's computer network and computer resources.

Thus, the functionality described in Copeland is prototypical firewall behavior:
block communications deemed malicious by the system.

The problem with this approach, however, is that it cannot guarantee that the 
critical communications required to be carried by the network will continue to take place. 
As described in the example of paragraph [0011] of the present application US
2005/0005017A1:

The problem with the existing systems for defending
against attacks such as from worms is [illegible]
in order to ensure that these important communications
are not impacted by the attack response.

To address this problem, the claimed invention requires specific functionality:
allowing communications between network compartments based on a usage model. This 
is neither shown nor suggested by the applied reference. Moreover, this difference 
provides clear performance advantages by ensuring that mission-critical communications 
would not be blocked in an attack, contrary to the operation of the applied reference. 

-Dependent claims 2-4 

Claim 2 describes that the network that is compartmentalized is an enterprise 
network or service provider or public network. Thus, these claims further highlight the
distinction drawn previously concerning the lack of teaching of network 
compartmentalization in the applied reference. 

The applied references do not suggest compartmentalization of these specific 
types of networks. Moreover, the pending Office Action does not argue or explain why it 
would have been obvious to deploy access control devices to compartmentalize such 
networks, as claimed. 

-Dependent claims 20 and 34 

Dependent claims 20 and 34 specify how the blocking rules are generated in 
contrast to how the pass rules are generated. In more detail, claim 20 requires that "the 
pass rules are generated from the usage model and the blocking rules are generated from 
the protocol information and/or port information characteristic of the attack." 

Nothing in the applied references suggests this way of generating pass rules as
opposed to blocking rules. As explained previously, neither of the references teaches the 
notion of using "pass rules". And certainly, neither of the applied references teaches how 
such rules should be generated. 
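
An added sketch, not taken from the application or from this brief, of the rule generation recited in claims 20 and 34: pass rules derived from usage-model entries, followed by a blocking rule derived from the attack's protocol and port. The host addresses, compartment names, first-match rule ordering and the choice of TCP port 1433 as the attack's port are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set

# Constructed compartment map (hypothetical hosts): address -> compartment.
COMPARTMENTS = {
    "10.1.0.10": "desktops-a",
    "10.1.0.11": "desktops-a",
    "10.2.0.20": "desktops-b",
    "10.3.0.5": "app-servers",
    "10.4.0.7": "databases",
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int  # source ports are ignored here as ephemeral (assumption)


@dataclass(frozen=True)
class Rule:
    action: str  # "pass" or "block"
    proto: str
    dport: int
    src: Optional[str] = None  # None matches any host
    dst: Optional[str] = None

    def matches(self, flow: Flow) -> bool:
        return (flow.proto == self.proto and flow.dport == self.dport
                and self.src in (None, flow.src)
                and self.dst in (None, flow.dst))


def build_usage_model(observed: Iterable[Flow]) -> Set[Flow]:
    """Keep only flows seen between two different internal compartments."""
    model = set()
    for flow in observed:
        src_c = COMPARTMENTS.get(flow.src)
        dst_c = COMPARTMENTS.get(flow.dst)
        if src_c is None or dst_c is None:
            continue  # external peer: discarded, as in claim 11
        if src_c != dst_c:
            model.add(flow)  # only this traffic crosses an access control device
    return model


def rules_for_attack(model: Set[Flow], proto: str, dport: int) -> List[Rule]:
    """Pass rules from the usage model first, then one block rule for the attack."""
    passes = [Rule("pass", f.proto, f.dport, f.src, f.dst)
              for f in sorted(model, key=lambda f: (f.src, f.dst))
              if f.proto == proto and f.dport == dport]
    return passes + [Rule("block", proto, dport)]


def decide(rules: List[Rule], flow: Flow) -> str:
    """First matching rule wins; traffic the response does not name is untouched."""
    for rule in rules:
        if rule.matches(flow):
            return rule.action
    return "unaffected"


# Constructed flow records from normal operation.
NORMAL_FLOWS = [
    Flow("10.3.0.5", "10.4.0.7", "tcp", 1433),     # app server -> database
    Flow("10.1.0.10", "10.3.0.5", "tcp", 443),     # desktop -> app server
    Flow("10.1.0.10", "10.1.0.11", "tcp", 445),    # same compartment
    Flow("10.1.0.10", "203.0.113.9", "tcp", 443),  # external destination
]

if __name__ == "__main__":
    rules = rules_for_attack(build_usage_model(NORMAL_FLOWS), "tcp", 1433)
    for r in rules:
        print(r)
    print(decide(rules, Flow("10.3.0.5", "10.4.0.7", "tcp", 1433)))
    print(decide(rules, Flow("10.1.0.10", "10.2.0.20", "tcp", 1433)))
```

With these inputs the application server keeps its database connection, while the same protocol between two desktop compartments is blocked, which is the desktop-to-desktop database case the brief describes.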

Claim 15 is patentable over Copeland in view of Day (Grounds of Rejection: IV) 

Claim 15 is believed to be patentably distinguishable over the applied references
for the reasons expressed in the traverse of independent claim 1, from which claim 15
depends. The additional teachings of Day do not undermine those arguments presented
above.

Thus, this claim is also believed to be patentable.

Conclusion

As explained above, the present claimed invention requires features neither shown
nor suggested by the applied references: compartmentalization and issuance of pass rules.
And, these features address the problem of ensuring that attack responses do not block
legitimate network communications — problems which are not contemplated by the
applied references.

For the foregoing reasons, Applicants believe that the pending rejections should
be withdrawn, and that the present application should be passed to issue. Should any 
questions arise, please contact the undersigned. 

Respectfully submitted,

Houston Eliseeva LLP 

By /grant houston/ 

J. Grant Houston 
Registration No.: 35,900 
4 Militia Drive, Ste. 4 
Lexington, MA 02421 
Tel.: 781-863-9991 
Fax: 781-863-9931 

Date: July 23, 2008 

Claims Appendix

1. (Previously presented) A system for controlling communications over a 
computer network, the system comprising: 

access control devices for the computer network that control communications
between compartments of the computer network;

attack detection system for determining whether the computer network may be
under attack; and

a control plane for instructing the access control devices to allow network
communications between the compartments of the computer network
based on a usage model describing legitimate network communications
while restricting other network communications between the
compartments, in response to attack.

2. (Original) A system as claimed in claim 1, wherein the computer network is 
an enterprise network. 

3. (Original) A system as claimed in claim 1, wherein the computer network is a 
service provider network. 

4. (Original) A system as claimed in claim 1, wherein the computer network is a 
public network. 

5. (Original) A system as claimed in claim 1, wherein the access control devices 
compartmentalize the computer network into separate sub-networks of network 
devices. 

6. (Original) A system as claimed in claim 1, wherein the access control devices 
separate host computers from the computer network. 

7. (Original) A system as claimed in claim 1, further comprising a network 
modeling system for generating the usage model. 

8. (Original) A system as claimed in claim 7, wherein the network modeling
system receives flow information describing communications between network 
devices. 

9. (Original) A system as claimed in claim 8, wherein the flow information is
collected by network communications devices.

10. (Original) A system as claimed in claim 8, wherein the flow information is 
collected by the access control devices. 

11. (Original) A system as claimed in claim 8, wherein the network modeling
system discards flow information between network devices in the computer 
network and network devices external to the computer network. 

12. (Original) A system as claimed in claim 7, wherein the network modeling 
system compares new network communications to the usage model and updates 
the usage model if the new network communications are not described by the 
usage model. 

13. (Original) A system as claimed in claim 1, wherein entries in the usage 
model comprise source addresses, destination addresses, source ports, and 
destination ports derived from the network communications. 

14. (Original) A system as claimed in claim 1, wherein entries in the usage
model comprise source addresses, destination addresses, source ports, and
destination ports derived from the network communications in addition to time
stamp information indicating when the network communication was last detected.

15. (Original) A system as claimed in claim 1, wherein entries in the usage 
model comprise source addresses, destination addresses, source ports, and 
destination ports derived from the network communications in addition to 
frequency information indicating a frequency of the network communication. 

16. (Original) A system as claimed in claim 1, wherein the attack detection
system monitors communications over the computer network for attack using 
signature detection. 

17. (Original) A system as claimed in claim 1, wherein the attack detection 
system performs heuristic modeling to determine whether the computer network 
is under attack. 

18. (Original) A system as claimed in claim 1, wherein the attack detection 
system monitors communications over the computer network for attack by 
monitoring changes in connections between network devices. 

19. (Original) A system as claimed in claim 1, wherein the control plane receives 
protocol information and/or port information characteristic of the attack and 
generates pass and/or blocking rules for the access control devices. 

20. (Original) A system as claimed in claim 1, wherein the control plane receives 
protocol information and/or port information characteristic of the attack and 
generates pass rules and blocking rules for the access control devices, in which
the pass rules are generated from the usage model and the blocking rules are
generated from the protocol information and/or port information characteristic of
the attack.

21. (Previously presented) A method for responding to an attack on a computer
network, the method comprising: 

generating a usage model for the computer network; 

determining whether the computer network may be under attack; 

in response to detecting attack, determining characteristics of the attack; and 

generating instructions to access control devices compartmentalizing the
computer network in response to the characteristics of the attack, wherein
the step of generating instructions to the access control devices comprises
formulating pass and/or blocking rules for the access control devices in
response to protocol characteristics and/or port characteristic of the attack;

issuing the instructions to the access control device which then
compartmentalize the computer network by implementing the pass and/or
blocking rules.

22. (Original) A method as claimed in claim 21, wherein the step of generating 
the usage model comprises saving records describing network communications to 
and from network devices on the computer network. 

23. (Original) A method as claimed in claim 21, wherein the step of generating 
the usage model comprises saving records describing network communications 
between network devices on the computer network. 

24. (Original) A method as claimed in claim 21, wherein the step of generating 
the usage model comprises saving records that include port, protocol, source 
address and destination address of network communications to and from network 
devices on the computer network. 

25. (Original) A method as claimed in claim 21, further comprising the step of
the access control device compartmentalizing the computer network into separate
sub-networks of network devices. 

26. (Original) A method as claimed in claim 21, further comprising the step of 
the access control device compartmentalizing the computer network by separating 
host computers from the computer network. 

27. (Original) A method as claimed in claim 21, wherein the step of generating a 
usage model comprises: 

collecting flow information at network communications devices; and 
passing the flow information to a network modeling system. 

28. (Original) A method as claimed in claim 27, wherein the step of collecting 
flow information is performed by the access control devices. 

29. (Original) A method as claimed in claim 21, wherein the step of generating a
usage model comprises comparing network communications to the usage model
and updating the usage model if the network communications are not described by
the usage model.

30. (Original) A method as claimed in claim 21, wherein the step of determining 
whether the computer network may be under attack comprises monitoring 
network communications for attack signatures. 

31. (Original) A method as claimed in claim 21, wherein the step of determining
whether the computer network may be under attack comprises performing 
heuristic modeling to determine whether the computer network is under attack. 

32. (Original) A method as claimed in claim 21, wherein the step of determining 
whether the computer network may be under attack comprises monitoring 
changes in connections between network devices. 

33. (Cancelled) 

34. (Previously presented) A method as claimed in claim 21, wherein the step of 
generating instructions to the access control devices comprises generating pass 
rules and blocking rules for the access control devices, in which the pass rules are 
generated from the usage model and the blocking rules are generated from 
protocol and/or port characteristics of the attack. 

35. (Previously presented) A system for controlling communications over a 
computer network, the system comprising: 

access control devices for the computer network that control communications
between compartments of the computer network;

attack detection system for determining whether the computer network may be
under attack; and

a control plane for instructing the access control devices to only allow network
communications between the host computers in different compartments of
the computer network based on a usage model describing legitimate
network communications while restricting all other network
communications between the host computers, in response to attack.

Evidence Appendix



None 

Related Proceedings Appendix



None 